What is the severity of CVE-2024-23350?

CVE-2024-23350 is classified as a Permanent Denial of Service (DOS) vulnerability.

How do I fix CVE-2024-23350?

To address CVE-2024-23350, ensure updating to the latest firmware versions provided by Qualcomm or Google that include patches for this vulnerability.

Which products are affected by CVE-2024-23350?

CVE-2024-23350 affects various Qualcomm firmware products including WSA8845, WSA8840, WCD9395, and Android systems.

What type of attack can exploit CVE-2024-23350?

CVE-2024-23350 can be exploited through malicious payloads sent via DL NAS transport.

Is there any known exploit for CVE-2024-23350?

As of now, there have been reports of exploitation of CVE-2024-23350, resulting in active attacks leveraging this vulnerability.

Vulnerability/
CVE-2024-23350

medium

6.5

CWE

617

5/8/2024

25/3/2025

CVE-2024-23350: Reachable Assertion in Multi Mode Call Processor

First published: Mon Aug 05 2024(Updated: )

Permanent DOS when DL NAS transport receives multiple payloads such that one payload contains SOR container whose integrity check has failed, and the other is LPP where UE needs to send status message to network.

Credit: product-security@qualcomm.com

Affected Software	Affected Version	How to fix
Android
All of
Qualcomm WSA8845 Firmware
Qualcomm WSA8845H Firmware
All of
Qualcomm WSA8845H
Qualcomm WSA8845 Firmware
All of
Qualcomm WSA8840 Firmware
Qualcomm WSA8840 Firmware
All of
Qualcomm WCD9395 Firmware
Qualcomm WCD9395 Firmware
All of
Qualcomm WCD9390 Firmware
Qualcomm WCD9390 Firmware
All of
Qualcomm WCD9340 Firmware
Qualcomm WCD9340 Firmware
All of
Qualcomm Snapdragon X75 5G Modem-RF System Firmware
Qualcomm Snapdragon X75 5G Modem-RF
All of
Qualcomm Snapdragon X72 5G-RF System Firmware
Qualcomm Snapdragon X72 5G Modem-RF
All of
Qualcomm Snapdragon X35 5G-RF System Firmware
Qualcomm Snapdragon X35 5G-RF System
All of
Qualcomm Snapdragon Auto 5G-RF Gen 2 Firmware
Qualcomm Snapdragon Auto 5G Modem-RF
All of
Qualcomm Snapdragon 8 Gen 3 Mobile Firmware
Qualcomm Snapdragon 8 Gen 3 Mobile Platform
All of
Qualcomm QFW7124
Qualcomm QFW7124
All of
Qualcomm QFW7114 Firmware
Qualcomm QFW7114 Firmware
All of
Qualcomm QEP8111 Firmware
Qualcomm QEP8111 Firmware
All of
Qualcomm QCN6274 Firmware
Qualcomm QCN6274 Firmware
All of
Qualcomm QCN6224 Firmware
Qualcomm QCN6224 Firmware
All of
Qualcomm QCC710
Qualcomm QCC710
All of
Qualcomm QCA8337 Firmware
Qualcomm QCA8337 Firmware
All of
Qualcomm QCA8081 firmware
Qualcomm QCA8081 firmware
All of
Qualcomm QCA6698AQ
Qualcomm QCA6698AQ Firmware
All of
Qualcomm QCA6584AU Firmware
Qualcomm QCA6584AU firmware
All of
Qualcomm QCA6174A Firmware
Qualcomm QCA6174A Firmware
All of
Qualcomm FastConnect 7800 Firmware
Qualcomm Fastconnect 7800 Firmware
All of
Qualcomm FastConnect 6900 Firmware
Qualcomm Fastconnect 6900 Firmware
All of
Qualcomm AR8035 Firmware
Qualcomm AR8035 Firmware

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-23350?
CVE-2024-23350 is classified as a Permanent Denial of Service (DOS) vulnerability.
How do I fix CVE-2024-23350?
To address CVE-2024-23350, ensure updating to the latest firmware versions provided by Qualcomm or Google that include patches for this vulnerability.
Which products are affected by CVE-2024-23350?
CVE-2024-23350 affects various Qualcomm firmware products including WSA8845, WSA8840, WCD9395, and Android systems.
What type of attack can exploit CVE-2024-23350?
CVE-2024-23350 can be exploited through malicious payloads sent via DL NAS transport.
Is there any known exploit for CVE-2024-23350?
As of now, there have been reports of exploitation of CVE-2024-23350, resulting in active attacks leveraging this vulnerability.

agent/weakness
agent/title
agent/type
agent/description
agent/author
collector/bleeping-computer
source/BleepingComputer
alias/CVE-2024-36971
alias/CVE-2024-32896
alias/CVE-2024-29748
alias/CVE-2024-23350
collector/the-register
source/The Register
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/first-publish-date
agent/trending
agent/source
agent/last-modified-date
agent/event
collector/android-source
source/Android
agent/software-canonical-lookup
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup-request
vendor/google
canonical/android
vendor/qualcomm
canonical/qualcomm wsa8845 firmware
canonical/qualcomm wsa8845h firmware
canonical/qualcomm wsa8845h
canonical/qualcomm wsa8840 firmware
canonical/qualcomm wcd9395 firmware
canonical/qualcomm wcd9390 firmware
canonical/qualcomm wcd9340 firmware
canonical/qualcomm snapdragon x75 5g modem-rf system firmware
canonical/qualcomm snapdragon x75 5g modem-rf
canonical/qualcomm snapdragon x72 5g-rf system firmware
canonical/qualcomm snapdragon x72 5g modem-rf
canonical/qualcomm snapdragon x35 5g-rf system firmware
canonical/qualcomm snapdragon x35 5g-rf system
canonical/qualcomm snapdragon auto 5g-rf gen 2 firmware
canonical/qualcomm snapdragon auto 5g modem-rf
canonical/qualcomm snapdragon 8 gen 3 mobile firmware
canonical/qualcomm snapdragon 8 gen 3 mobile platform
canonical/qualcomm qfw7124
canonical/qualcomm qfw7114 firmware
canonical/qualcomm qep8111 firmware
canonical/qualcomm qcn6274 firmware
canonical/qualcomm qcn6224 firmware
canonical/qualcomm qcc710
canonical/qualcomm qca8337 firmware
canonical/qualcomm qca8081 firmware
canonical/qualcomm qca6698aq
canonical/qualcomm qca6698aq firmware
canonical/qualcomm qca6584au firmware
canonical/qualcomm qca6174a firmware
canonical/qualcomm fastconnect 7800 firmware
canonical/qualcomm fastconnect 6900 firmware
canonical/qualcomm ar8035 firmware